
Ms. M: Yeah... the more I think about it the stranger it is.... It's become so annoying that I pulled myself back out of the demil zone to stop the darned thing logging it... It's incessant. I went and checked all the port forwarding etc. to make sure it hadn't been changed, checked the logs etc. at the firewall so it is being blocked, which gets my friend off the hook....

Actually this IP is getting a ton of traffic on lots of odd ports... Much more than it was before the weekend..... which implies the IP did change and people have picked up on the old "owner" as something of "interest". But the SFLM stuff is multiple per minute from multiple remote addresses right now. Too much for me to be bothered with in some ways..... Interestingly, many of the "attacking" IPs show up as "host down" when they are "investigated".... So there is a certain amount of sophistication going on at the remote location, whether it is by the user or by the software they are using.

I'll take a look at incidents.org but it'll have to be tomorrow 'cos I need to go home to my sweetie now..... Yeah, I have a "soft" spot.... Let's keep that as another "little secret"...

[edit]

Hmmmm... the worm theory you put forward..... It could be explained by a worm that propagates by another port, thus no apparent scan on this one, but it connects via this one to "pick up" its "little buddy"..... Just a thought....

Hmmm..... A brain cell kicked in...... WOW

[/edit]

Don't SYN us.... We'll SYN you..... "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

Have you had any problems with ur ZoneAlarm blocking the traffic? I remember a bug in ZA where if it receives and blocks an exceeding number of SYN packets (over a hundred or something I think) it will crash. I'm sure some of u've seen/heard it. Just wonderin if they could somehow tell that u have a ZoneAlarm firewall and r tryin to crash it. Just my guess on what they could be tryin to do... I know it's far-fetched but with a high amount of SYN packets and ur firewall bein ZA u could never know.

Tiger: I had some log entries in my logs from Oct 28 that show a handful of attempts inbound from the Internet using that TCP port you reported, but nothing alarming. But most interestingly, I had about 20 entries inbound from the Internet (on the same TCP port) using internal LAN IP addresses - some were valid, others were not.